﻿<%@ Page Title="" Language="C#" MasterPageFile="~/Site1.Master" AutoEventWireup="true"
    MaintainScrollPositionOnPostback="true" CodeBehind="Default.aspx.cs" Inherits="ESAM_Assignment_3.Default" %>

<asp:Content ID="Content1" ContentPlaceHolderID="head" runat="server">
    <%-- Page-specific CSS placed into the master page's "head" placeholder. --%>
    <style type="text/css">
        /* Monospace face, used for the literal tags and session keys in the instructions. */
        .style6 { font-family: "Courier New", Courier, monospace; }

        /* Red text, used for the admin-only access notice. */
        .style7 { color: #FF0000; }
    </style>
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder1" runat="server">
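    <%-- Instruction panel for the exercise: static text, no server controls other than the
         panel itself. Reviewer notes are server-side comments, so they are not sent to the
         browser. Markup: the lists sit outside the paragraph and every list item is closed
         explicitly, which matches the tree browsers already built from the original
         unclosed tags; sub-lists are nested inside their parent item. --%>
    <asp:Panel ID="pnlContent" runat="server" BackColor="White">
        <strong>ESAM ASSIGNMENT 3</strong><br />
        <p>
            <strong>Introduction </strong>
            <br />
        </p>
        <ul>
            <li style="list-style-type: circle;">ESAM Assignment 3 Web Application is a simple
                web-based comment system.</li>
            <li style="list-style-type: circle;">Users are permitted to view all comments, post
                new comments and edit only their own comments. Comments may include only the following
                HTML Tags:
                <%-- This is an allow-list of exactly four tokens, with no attributes. A common
                     way to meet it is to HTML-encode the whole comment on output and then
                     restore only the encoded forms of these tokens; filtering out "bad" tags
                     instead of allow-listing tends to miss variants. --%>
                <ul>
                    <li style="list-style-type: square;"><span class="style6">&lt;b&gt;&lt;/b&gt;</span></li>
                    <li style="list-style-type: square;"><span class="style6">&lt;i&gt;&lt;/i&gt;</span></li>
                </ul>
            </li>
            <%-- Both access rules below have to be enforced on the server for every request to
                 the named pages; hiding navigation links does not restrict access. --%>
            <li style="list-style-type: circle;"><span class="style7">Only the admin user can access
                the webpages - Administration.aspx, ManageUsers.aspx and ManageComments.aspx</span></li>
            <li style="list-style-type: circle;">Only authenticated users are permitted to post
                and edit comments.</li>
        </ul>
        <br />
        <br />
        <strong>To Begin:</strong><br />
        <ul>
            <li style="list-style-type: circle;">Please click on the &quot;<strong><em>Create Database,
                Tables and Test Data</em></strong>&quot; button below to create the database (ESAM_ASSIGNMENT),
                tables and test data.</li>
            <li style="list-style-type: circle;">Please spend some time going through the database
                schema and the test data created.</li>
            <%-- The admin credential is printed on this page. Until the requirement below is
                 implemented, an instance that other people can reach accepts this login, so
                 the exercise build belongs on a local or isolated host. --%>
            <li style="list-style-type: circle;">The admin user is hardcoded into the system. The
                username/password for the admin is simply: admin</li>
        </ul>
        <br />
        <strong>Requirements:</strong><br />
        <ul>
            <li style="list-style-type: circle;">Based on the research you have done for Assignment
                1, detect the vulnerabilities of this web application and implement code to secure
                this web application.</li>
            <%-- A credential compiled into the application is the same in every deployment, is
                 readable by anyone with the source or binaries, and cannot be rotated without
                 a redeploy. --%>
            <li style="list-style-type: circle;">The admin user must NOT be hardcoded. (Why should
                this not be hardcoded?)</li>
            <%-- ASP.NET protected configuration (for example the aspnet_regiis tool with its
                 -pe option) encrypts a web.config section on disk. It protects the file at
                 rest, not against code already running as the application identity. --%>
            <li style="list-style-type: circle;">All Connection Strings to access the SQL Server
                should be declared in the <i>web.config</i> file and encrypted. </li>
            <li style="list-style-type: circle;">Modify the code to allow authenticated users to
                post comments with the permitted HTML Tags.</li>
            <li style="list-style-type: circle;">DO NOT modify the code within <em>DBManager.cs</em></li>
            <li style="list-style-type: circle;">DO NOT modify the files <em>Default.aspx</em> and
                <em>Default.aspx.cs</em></li>
            <li style="list-style-type: circle;">DO NOT modify the following
                session variables:
                <%-- NOTE(review): these keys are presumably what the other pages read for
                     identity and the admin check; confirm in the code-behind. As the names
                     must stay, a fix has to control when they are set (only after a verified
                     login) and when they are cleared (logout). --%>
                <ul>
                    <li class="style6" style="list-style-type: square;">Session[&quot;ESAM_ADMIN&quot;]</li>
                    <li class="style6" style="list-style-type: square;">Session[&quot;ESAM_LOGIN&quot;]</li>
                    <li class="style6" style="list-style-type: square;">Session[&quot;ESAM_FULLNAME&quot;]</li>
                    <li class="style6" style="list-style-type: square;">Session[&quot;ESAM_USERID&quot;]</li>
                </ul>
            </li>
        </ul>
        <p>
        </p>
        <p>
        </p>
    </asp:Panel>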
    <%-- Setup panel: one button creates the ESAM_ASSIGNMENT database with its tables and test
         data, the other removes it. The click handlers (btnGo_Click, btnRemove_Click) are
         in the code-behind, Default.aspx.cs, which is not shown here.
         NOTE(review): nothing in this markup limits who can press either button. Whether
         the handlers check the caller cannot be seen from this file (confirm in the
         code-behind). If they do not, any visitor who can load this page can create or
         drop the database, so the page should be reachable only from the lab host.
         The three labels have no initial text; presumably the code-behind fills them with
         the result of each action (confirm). --%>
    <asp:Panel ID="pnlStartUp" runat="server" BackColor="#CCCCCC" BorderColor="Silver"
        BorderStyle="Solid" BorderWidth="1px">
        Create the database (ESAM_ASSIGNMENT), tables and test data.
        <asp:Label ID="lblCreate" runat="server"></asp:Label>
        <br />
        <br />
        <asp:Button ID="btnGo" runat="server" OnClick="btnGo_Click" Text="Create Database, Tables and Test Data" />
        <br />
        <br />
        Remove the database (ESAM_ASSIGNMENT) and all tables.
        <asp:Label ID="lblRemove" runat="server"></asp:Label>
        <br />
        <br />
        <asp:Button ID="btnRemove" runat="server" Text="Remove Database" OnClick="btnRemove_Click" />
        <br />
        <br />
        <asp:Label ID="lblStatus" runat="server"></asp:Label>
    </asp:Panel>
</asp:Content>
